T-Mobile said a “bad actor” abused an application programming interface (API) to hoover up data on roughly 37 million current postpaid and prepaid customer accounts. The data stolen included customer name, billing address, email, phone number, date of birth, T-Mobile account number, as well as information on the number of customer lines and plan features. […]
According to a PayPal notice of security incident dated January 18, attackers got unauthorized access to the accounts of thousands of users between December 6 and 8, 2022. The total number of accounts that were accessed by threat actors using a credential stuffing attack is reported as being 34,942.
NortonLifeLock warns customers that criminals have broken into their Norton Password Manager, an online password manager, and advises that all stored credentials be changed immediately. The password manager can be used via a Norton account and can generate passwords and store them in an “online vault”. The password manager is available as a browser extension […]
Every person has the right to know to whom his or her personal data have been disclosed.A citizen requested Österreichische Post, the principal operator of postal and logistical services in Austria, to disclose to him the identity of the recipients to whom it had disclosed his personal data. The post gave petitioner only the categories […]
A zero-day vulnerability in FortiOS SSL VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations.” “The attacks entailed the exploitation of CVE-2022-42475, a heap-based buffer overflow flaw that could enable an unauthenticated remote attacker to execute arbitrary code via specifically crafted requests.”
Meta received a GDPR fine of €390M (210 million and €180 million fines for Facebook and Instagram) and accused the company of lacking proper legal grounds to process millions of Europeans’ with its data-fueled advertising model. Meta strongly disagree with the DPC’s final decision, and believes to fully comply with GDPR by relying on Contractual […]
The US government demands direct access to databases of European police services containing biometric data of European citizens. The US makes this entry mandatory for countries participating in the so-called Visa Waiver Program, which allows citizens of certain countries to travel to the United States without a visa. At the beginning of this year, US […]
The hacker copied information from backup that contained basic LastPass customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. The threat actor was also able to copy a backup of customer vault data from the […]
Meta has agreed to pay $725 million to resolve a class-action lawsuit accusing the social media giant of allowing third parties, including Cambridge Analytica, to access users’ personal information. Lawyers for the plaintiffs called the proposed settlement the largest to ever be achieved in a U.S. data privacy class action and the most that Meta […]
The American crypto exchange Gemini leaks private data of 5.3 million users, which is subsequently being used for targeted phishing attacks. It concerns e-mail addresses and partial telephone numbers. According to Gemini, the data was stolen from an unnamed “third-party” supplier. No further details about the data breach have been provided. Gemini does advise users […]